In association with heise online

22 June 2013, 11:04

The H Roundup - VP9, LibreOffice, Oracle, Red Hat and Java EE 7

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The H Roundup logo Welcome to The H Roundup, your review of the week with the most read news on The H, the security alerts and open source releases, and the essential feature articles – all in one quick-to-scan news item. This week: VP9 matures, LibreOffice stabilises, SCO came back, Oracle slipped up, Red Hat grew, Songbird died, and open source got a knock back from the UK government. Also features looked at Java EE 7 and how to secure web applications with CSP.

Top News

Google's VP9 video codec is getting closer to being deployed as it begins to be enabled in Chrome and Chromium. Meanwhile, as a prelude to LibreOffice 4.1, 4.0.4 has been released with a wide range of fixes. And back from the archives, SCO has managed to breath life into its case against IBM over Linux.

Accidents can happen as Oracle found out when a bug removed the GPLv2 licence from the MySQL manual pages, a result that was noted by the MariaDB developers. Meanwhile Red Hat is saying it hasn't picked databases for RHEL 7, despite an engineer stating they had done so at the Red Hat Summit. It made no difference to the company, which continues to deliver a good set of figures for the last quarter.

It may have required physical access, but a bug in BlackBerry 10 OS meant an attacker could compromise the remote password reset facility in the mobile operating system. The UK government rolled back their previously stated preference for open source software to a much more inoffensive, at least for particular lobbyists, level playing field declaration.

It is deceased – it has shuffled off its mortal coil; so it ended for the development of the Songbird media player. Still at least new things are being made out there as The H covered in the latest instalment of Hardware Hacks.


As Java EE 7 arrived, The H asked Markus Eisele to round up what actually arrived in the somewhat feature-muted release and what is going to make a difference to Java developers as the standard settles in.

XSS – cross-site scripting – plagues the modern web site and, despite trying to convince developers to be extremely careful when processing input from users in web apps, it still happens. Now CSP, Content Security Policy, offers a way to lock down what and where input comes from to block malicious content being ingested. The H Security takes a look at what's needed to make use of CSP.

Open Source Releases

Updates for Debian 7, MediaGoblin, LLVM, Subversion, TypeScript, and the arrival of TokuMX's storage-enhanced variant of MongoDB, PHP 5.5 and more make up a busy week of releases. More releases can be found in The H's regular items, Open Recall and Developer Break.

There was also the appearance of the first OpenMandriva alpha, drawing heavily on ROSA. A Wayland-enabled Kwin arrived in the latest KDE 4.11 beta and Google's Dart drew closer as the JavaScript replacement reached beta.

Security Alerts

As well as the previously mentions BlackBerry 10 OS critical hole, a more important, wide-ranging security update came when Oracle fixed 40 holes in Java – 37 of which could be exploited remotely without authentication.

For everything The H has published in the last week, check out the last seven days of news. To keep up with The H, subscribe to the RSS feed, or follow honlinenews on Twitter. You can follow The H's own tweeting on Twitter as honline.



  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit